Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda Protected Object Reviewer as a starting point for finding interesting sets of SAS metadata objects that have had access controls, Access Control Templates (or ACTs) and/or Access Control Entries (ACEs or explicit permissions), applied to them:

Protected Tree Branch Objects: show folders and objects, underneath the /Vegas Enterprises metadata tree branch, that have had any ACTs or ACEs applied to them.

Many of the Metacoda Plug-ins have Filter Bars which provide a way to filter the contents displayed and show an interesting subset. Normally they do simple case-insensitive “contains” filtering on key attributes like name and description (the filter bar label indicates which attributes are used).

Simple text filtering, as described above, is sufficient for many needs. However, for more advanced requirements there is the ability to switch to expression-based filters which are much more flexible. To use expression-based filtering you add a #@ prefix at the beginning of the filter bar field. What follows is then an expression that can use many of the other attributes/columns available in the tables. This expression is written as a Java like expression (BeanShell to be precise) and must resolve to a boolean true/false to determine whether a row should be shown in the table. Any errors in the expression will be shown in a popup error dialog.

Did you know that with SAS® 9.3 you can promote (export/import) SAS metadata packages containing users, groups, roles, and ACTs, just like you can with Jobs, Tables, Libraries, Stored Processes, Reports and Information Maps? I needed to do this myself a few weeks ago. I wanted to promote some groups, roles and ACTs from an existing SAS 9.3 M1 installation to a newer SAS 9.3 M2 installation. Security metadata can be exported and imported via a SAS package file (.spk) from special virtual folders under the top-level /System folder. These virtual folders are distinguishable from normal folders because they have white folder icons instead of yellow folder icons as shown below.

You can find out more information about this feature, including a few considerations you need to be aware of, by reading the Promoting Security Objects and Server Objects sub-section of the main Promotion Details for Specific Object Types section in the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.

My security metadata promotion was a little more complicated than normal because I was also promoting some security metadata located in a custom repository. I normally avoid using custom repositories as much as possible (preferring to store everything in the Foundation repository and partitioning content with folders and ACTs). This is especially the case for security metadata: I’ve found that security metadata in custom repositories, being less visible, tends to get forgotten until it gets rediscovered whilst troubleshooting tricky security problems. Helping a customer resolve such problems was the reason we made security metadata from custom repositories highly visible in our Metacoda Security Plug-ins. We have since needed to keep some security metadata in custom repositories for the purposes of development and testing of our software. This is the custom repository security metadata I was attempting to promote, but it took me a little while to find it in the virtual folders …. Continue reading “Promoting SAS Security Metadata (in Custom Repositories)”

I ran into a tricky issue today whilst migrating some Access Control Templates (ACTs) from an old SAS® 9.3 M0 deployment to a new SAS 9.3 M2 deployment. I’d seen it before and I initially forgot how I resolved it. It took a little while to rediscover the method that worked so I’m blogging it in the hope I won’t forget it in future. Perhaps it will help others too.

As you may know, SAS 9.3 has virtual folders that allow you to export security metadata like users, groups, roles and ACTs. It’s quite handy. We use it at Metacoda to migrate some security metadata we carry over from version to version for testing and demonstrating our Metacoda Security Plug-ins. You can find more information about migrating security metadata on the SAS web site in the Promotion Details for Specific Object Types section of the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.

I had successfully exported a package of ACTs from my source 9.3 M0 environment, but when I tried to import them into my target 9.3 M2 environment I saw the following error message:

It was quite puzzling. It said I had to import ACTs into a specific folder, but that was the very same folder I was trying to import into. I had a feeling of deja-vu. I realized I’d seen this back when I first set up our SAS 9.3 M0 environment and was testing migration of security metadata between levels for the same SAS version. Continue reading “Migrating SAS Access Control Templates”